On August 18, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included in the release is a formal agreement between the OCC and a New York-based bank from July 13 in connection with alleged unsafe or unsound practices relating to information technology security and controls and information technology risk governance. The agreement requires the bank to: (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board on a quarterly basis; and (iii) develop, implement, and adhere to a written risk-based IT assurance and testing program.